I want to create a web application firewall from scratch. I am going to use machine learning to train it to classify malicious and clean queries. My dilemma is that I am a beginner and am unable to choose which language to code it in, and also should I make it a reverse proxy or a server plugin?
For the security aspect of your problem it does not matter which language you use or if you implement it as a reverse proxy or server plugin, i.e. both architectures make blocking and changing of traffic possible and can be implemented in a variety of languages. And non-security aspects are off-topic here. – Steffen Ullrich Jul 30 '17 at 07:06
1 Answer
It is an idea that everyone in security is hoping to solve sooner and better than the others! Of course there are also people who say it's overkill for a WAF. But hey, all the best! :)
- unable to choose which language to code it in
I'll assume that you did study ML (not just read about it) - in which case you may have used some ML libraries and done some coding. If your milestone goal is to get a working prototype / POC, you should just choose the language that you used while learning. This is a challenging project and you don't want to add "learn a new language" to the list of challenges.
- reverse proxy or server plugin
Again, choose what you are familiar with. That will get you soonest to the goal of a minimum viable product (MVP). E.g., when we developed our product ActiFend, our development team was already familiar with WordPress Plugins, so for an MVP, we chose that path - and got something to show in weeks instead of months. It's another matter that we got stuck there for a long time now (scope creep), but if I were to choose again with hindsight, I'd do the same.
It won't matter whether you are just a one-person-army doing this or you have a large team. As an Agile practitioner and evangelist - I say: get something small working ASAP.